Are all your machines encrypted? If a laptop was lost is the data protected or you’ll need to declare. Microsoft Defender for EndPoint (aka ATP) stores Bitlocker status information. Use the following KQL query in the Advanced Hunting portal.
The following KQL was inspired by SecGuru_OTX’s twitter post (below)
M365 Advanced Hunting:— CISOwithHoodie (@SecGuru_OTX) June 9, 2021
Detect Bitlocker non-compliant Windows 10 devices with "Encrypt all Bitlocker supported drives" setting. pic.twitter.com/YpcNf6NKxe
Find more IT Infrastructure tips at blog.alexmags.com